Please read this notice carefully to understand what we do.

NOTICE OF PRIVACY POLICY

Thank you for visiting the websites of EJF Capital LLC and its affiliates (“EJF” or “we” or “our”). We respect your privacy and are committed to protecting it through our compliance with this policy (the “Privacy Policy”). This Privacy Policy describes the types of information we may collect from you, or about you, or that you may provide when you visit our website ( (the “Website”) and other websites or applications that may link to this Privacy Policy, and our practices for collecting, using, maintaining, protecting, and disclosing that information. Please read this Privacy Policy carefully to understand our policies and practices regarding how we collect, use, share, and protect your information. By using the Websites or interacting with us online, you are agreeing to the terms of this Privacy Policy, as posted here. If you do not agree with any terms or practices described in this Privacy Policy, please do not access, use or visit the Websites. This Privacy Policy may change from time to time, so please check the Privacy Policy periodically for updates (see the “Changes to Our Privacy Policy” section below).

SCOPE OF THIS PRIVACY POLICY

This Privacy Policy applies to information we collect on the Websites. It does not apply to information collected by:

  • Us offline or through any other means, including on any other website operated by EJF or any third party;
  • Us through our investor portal
  • Us that is subject to the Gramm-Leach-Bliley Act (and its implementing regulations) or similar state laws, which is subject to a separate Privacy Notice; or
  • Any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Websites. If you access those sites, you will be subject to the privacy and personal data protection rules in effect on those sites. We are not responsible for the content and the application of those rules.

INFORMATION WE COLLECT ABOUT YOU AND HOW WE COLLECT IT

We collect several types of information from and about users of our Websites (collectively, “personal information”) which includes:

  • Contact information, such your email address;
  • Technical information, such as information about your internet connection, the equipment you use to access our Websites, and your activities while browsing the Websites; and
  • Usage information, such as your browser time, the pages you view, your location, and the movement of your cursor.

We collect this information:

  • Directly from you when you provide it to us.
  • Automatically as you navigate through the Websites.
  • From internet service providers.
  • From our investment portal service provider.
  • From data analytics providers, such as Google Analytics.
  • From operating systems and platforms.
  • From social media platforms. We may receive information about you when you interact with our social media sites (for instance, following us on LinkedIn). The data we receive is dependent upon your privacy settings with each particular social network. You should always review, and if necessary, adjust your privacy settings on such third-party platforms.

INFORMATION YOU PROVIDE TO US

The information we collect on or through our Websites may include:

  • Information that you provide by filling in a form on our Websites.
  • We may also ask you for information if you report a problem with our Websites.

INFORMATION WE COLLECT THROUGH AUTOMATIC DATA COLLECTION TECHNOLOGIES

As you navigate through and interact with our Websites, we may use automatic data collection technologies to collect certain information about your equipment or devices, browsing activities, and patterns, including:

  • Details of your visits to our Websites, including web traffic data, location data, clickstream data, logs, and other communication data and the resources that you access and use on the Websites.
  • Information about your computer or device and internet connection. Information collected automatically may include usage details, IP addresses, browser types, operating systems, device identification numbers, and information collected through cookies and other tracking technologies.

We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). See the “‘Do Not Track’ and Global Privacy Control Disclosures” section below for information on how you can opt out of behavioral tracking on the Websites and how we respond to web browser signals and other mechanisms that enable consumers to exercise choice about behavioral tracking. The information we collect automatically, may, under the laws of certain jurisdictions, include personal information. We may also maintain such automatically-collected information with personal information we collect in other ways or receive from third parties. It helps us to improve our Websites and to deliver a better and more personalized service, including by enabling us to:

  • Estimate our audience size and usage patterns.
  • Store information about your preferences, allowing us to customize our Websites according to your individual interests.
  • Speed up your searches.
  • Recognize you when you return to our Websites.

The technologies we use for this automatic data collection may include:

  • A cookie is a small file placed on the hard drive of your computer by websites that you visit. Cookies are widely used to make websites work, or work more efficiently, and to provide information on web browsers, such as browser type, time spent on a website, pages visited, and other traffic data. For more information on our use of cookies on the Websites and how you can opt-out of them, please see our Cookie Policy.

HOW WE USE YOUR INFORMATION

We use information that we collect about you or that you provide to us, including any personal information:

  • To present our Websites and their contents to you.
  • To provide you with information or services that you request from us, including following up with you if you have reached out to us via our webforms.
  • To fulfill any other purpose for which you provide it.
  • To notify you about changes to our Websites and material changes to our Privacy Policy or Terms of Use.
  • To allow you to participate in interactive features on our Websites.
  • In any other way we may describe when you provide the information.
  • For any other purpose with your consent.

DISCLOSURE OF YOUR INFORMATION

We may disclose aggregated information about our Websites users, and information that does not identify any individual, without restriction. We may disclose personal information that we collect from you or that you provide as described in this Privacy Policy:

  • To our affiliates and other members of the EJF group.
  • To contractors, attorneys, banks, auditors, and other third parties we use to support our business working on our behalf for the purposes described in this Privacy Policy.
  • To technology and IT service providers (such as cloud service providers and software-as-a-service providers).
  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of EJF’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by EJF about our Websites users is among the assets transferred.
  • To fulfill the purpose for which you provide it.
  • For any other purpose disclosed by us when you provide the information.
  • With your consent.

We may also disclose your personal information:

  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
  • To enforce or apply our Terms of Use.
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of EJF, our clients, investors, or others.

CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION

We strive to provide you with choices regarding the personal information you provide to us. We offer the following mechanisms to provide you with control over your information:

  • Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of this site may be inaccessible or not function properly.
  • California Residents. California residents may have additional personal information rights and choices. Please see the section titled “Your California Privacy Rights” below for more information.
  • International Residents. Residents in the European Economic Area, the United Kingdom, Switzerland, and the Cayman Islands may also have additional personal information rights and choices. Please see the section titled “Additional Information Regarding the EEA, the UK, Switzerland, and the Cayman Islands” below for more information.

YOUR CALIFORNIA PRIVACY RIGHTS

California “Do Not Track” and Global Privacy Control Disclosures California law requires us to let you know how we respond to web browser Do Not Track (“DNT”) signals. This feature lets you tell websites that you visit that you do not want to have your online activity tracked. Because there currently is not any industry or legal standard for recognizing or honoring DNT signals, we do not respond to DNT signals at this time. However, EJF treats Global Privacy Control (“GPC”) signals as a request to opt-out of the “sale” and “sharing” of personal information under the California Consumer Privacy Act. When you choose to turn on the GPC setting in your web browser, your browser sends a special signal to websites, analytics companies, ad networks, plug-in providers, and/or other web services you encounter while browsing the internet to exercise your privacy rights and stop tracking your activity on the internet. We will honor your GPC signal setting in a frictionless manner. You can learn more about and set up GPC here: https://globalprivacycontrol.org/#about California “Shine the Light” Disclosures California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Websites that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to info@ejfcap.com or write us at: EJF Capital LLC, 2107 Wilson Boulevard Suite 410 Arlington, VA 22201. We will respond to your request in accordance with applicable law and reserve our right not to respond to requests submitted other than to the email or mailing addresses specified in this section. CCPA Disclosures If you are a California resident, California law may provide you with the following additional rights regarding our use of your “personal information,” as defined under the CCPA as amended by the California Privacy Rights Act of 2020, and any regulations promulgated thereunder. These disclosures do not apply to information collected, processed, sold or disclosed under the Gramm-Leach-Bliley Act (and its implementing regulations) or the California Financial Information Privacy Act. Sources of Personal Information As described above in the section titled “Information We Collect About You and How We Collect It,” we collect this personal information from you, from our online service providers, and from our social media platforms. Categories of Personal Information Collected and Disclosed The following chart details the categories of personal information about California residents we have collected and disclosed for our operational business purposes in the preceding 12 months. Not all categories have been collected or disclosed for every individual.

Categories of Information Information Collected Information Disclosed to:
Identifiers such as name, postal address, unique personal identifier, online identifier, IP address, email address, account name, social security number, driver’s license, passport number, or other similar identifiers IP Address, Name, Email Address Affiliates, subsidiaries, vendors who perform services on our behalf, professional services providers, such as auditors, accountants and law firms, internet service providers, cloud service providers, data analytics providers, and regulators, if required
Personal information categories listed in the California customer records law (Cal. Civ. Code § 1798.80(e)) Name Affiliates, subsidiaries, vendors who perform services on our behalf, professional services providers, such as auditors, accountants and law firms, internet service providers, cloud service providers, data analytics providers, and regulators, if required
Protected classification characteristics under California or federal law. N/A  
Commercial information, including personal property records, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies N/A  
Biometric information N/A  
Internet or other electronic network activity information   Browsing history, information on a consumer’s interaction with our Websites Data analytics providers
Geolocation data, such as device location and IP location IP Location Data analytics providers
Audio, electronic, visual, thermal, olfactory, or similar information N/A  
Professional or employment-related information N/A  
Education information subject to the federal Family Education Rights and Privacy Act, such as student records N/A  
Inferences drawn from other personal information N/A  
Sensitive Personal Information, such as a driver’s license, state identification card, or passport number, account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account N/A  

Use and Disclosure of Personal Information As described above in the sections titled “Information We Collect About You and How We Collect It” and “Disclosure of Your Information,” we may use this personal information to operate, manage, and maintain our business, to provide our services, for vendor and employment management, and to accomplish our business purposes and objectives, including, for example:

  • To provide, support, personalize, and develop our Websites;
  • To create, maintain, customize, and secure your visits to our Websites;
  • To personalize your experience using the Websites and to deliver content relevant to your interests.
  • To help maintain the safety, security, and integrity of our Websites and other technology assets, and our business.
  • For testing, research, and analysis to develop and improve our Websites.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.

Sale of Information We may “sell” or “share” (as such terms are defined by the CCPA) personal information about California residents (and may have sold or shared during the 12-month period prior to the Last Updated date of this Privacy Policy) the following categories of personal information about you to online advertising services: internet or other electronic network activity information. We do not have actual knowledge that we sell or share the personal information of any minors under sixteen (16) years of age (including in the preceding 12-month period) for purposes of the CCPA. Retention of Personal Information We retain your personal information as described in the Section titled “Retention.” Individual Rights and Requests If you are a California resident, you may request that we:

  1. Right to Know and Right to Access: Disclose to you the following information covering the 12 months preceding your request:
  • The categories of personal information we collected about you;
  • The categories of sources from which we collected personal information about you;
  • The specific pieces of personal information we collected about you;
  • The business or commercial purpose for collecting personal information about you; and
  • The categories of personal information about you that we disclosed, and the categories of third parties with whom we disclosed such personal information. You also have the right to receive your personal information in a structured and commonly used format so that it can be transferred to another entity.
  1. Right to Delete. Delete personal information we collected from you (under certain circumstances).
  2. Right to Correct. Rectify your personal information if it is inaccurate, outdated, or incomplete (in certain circumstances).
  3. Right to Opt-Out. Opt out of the sale or sharing of your personal information to Third Parties. To opt out of the “sale or “sharing” of your personal information, you may use the Global Privacy Control (as described in “California “Do Not Track” and Global Privacy Control Disclosures”).
  4. Right to Limit Sharing or Disclosure of Sensitive Personal Information. Limit the use and disclosure of your sensitive personal information that go beyond uses and disclosures specifically authorized by the CCPA. However, we do not collect sensitive personal information about California residents.
  5. Right to Non-Discrimination. You have the right to be free from unlawful discrimination for exercising your rights under the CCPA.

To make a request to exercise the rights described above, please feel free to contact us by emailing info@ejfcap.com. We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the personal information subject to the request. For your protection, we may need to request additional information from you (such as your name, email address, mailing address, and relationship with us) in order to verify your identity and protect against fraudulent requests. If you make a deletion request, we may ask you to verify your request before we delete your personal information. Authorized Agents If you want to make a request as an authorized agent on behalf of a California resident, you may use the submission methods noted above. As part of our verification process, we may request that you provide, as applicable, proof concerning your status as an authorized agent.

INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

EJF is headquartered in the United States and has an office in the UK and a marketing outpost in China. Our servers are also located in the United States. This means that personal information that you transfer to us through use of our Websites may be transferred to, stored, or processed in the United States or in other jurisdictions where our affiliates, service providers, employees, agents, contractors, consultants, professional advisers, data processors and persons employed and/or retained by them and business partners operate. Where we transfer personal information to such individuals or entities outside of the UK, the European Economic Area (“EEA”), or other territories subject to data transfer restrictions, we will ensure that our arrangements with them are governed by data transfer agreements or safeguards, designed to ensure that your personal data is protected as required under applicable data protection law (including, where appropriate, under an agreement on terms approved for this purpose by the UK Government, the European Commission or by obtaining your consent). For more information on the safeguards applied to such transfers, please contact info@ejfcap.com.

ADDITIONAL INFORMATION REGARDING THE EEA, THE UK, SWITZERLAND, AND THE CAYMAN ISLANDS

We recognize the importance of protecting your personal data. This Privacy Policy explains how we collect, store, and use your personal data in compliance with applicable data protection law as a controller, including, where relevant (as amended from time to time), the General Data Protection Regulation (EU) 2016/679 (“EU GDPR”) and any national laws enacted pursuant to the EU GDPR, the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 No. 419 (“UK GDPR,” together with the EU GDPR, the “GDPR”), the Swiss Federal Data Protection Act (“DPA”), and the Data Protection Law, 2017 of the Cayman Islands (“DPL”). Unless we inform you otherwise, EJF Capital LLC and/or one or more of its affiliates is the data controller in respect of processing your personal data. A data controller is responsible for deciding the ways in which and purposes for which personal data about you is processed. When used in this notice, unless otherwise stated, the terms “controller,” “processor,” “personal data,” “process,” and “processing” have the meanings given to them in the GDPR, the DPA, and the DPL, as applicable. Categories of Personal Data The categories of personal data that we collect from or about you are set forth in the section titled “Information We Collect About You and How We Collect It” above. Uses of Personal Data Your personal data may be stored and processed by us for the following purposes:

Purpose/Activity Types of Data Lawful Basis for Processing
To administer our business and manage our relationship with you, which will include notifying you about changes to our Terms of Use or this Privacy Policy, and other communications of information to you, discussions with our service providers and counterparties, decision-making, business strategy, and development and marketing.
  • Identifying
  • Contact

 

  • Performance of a contract with you.
  • Necessary to comply with a legal obligation.
  • Necessary for our legitimate interests (to keep our records updated about changes to our Terms of Use and policies).
To protect our business and the Websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting, security and hosting of data).
  • Identifying
  • Contact
  • Usage
  • Technical
  • Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or restructuring exercise).
  • Necessary to comply with a legal obligation.
To deliver relevant Websites content to you and to monitor, measure, or understand the effectiveness of the information we provide to you.
  • Identifying
  • Contact
  • Usage

 

Depending on whether we have an existing business relationship and where you are based, either:

  • Your consent; or
  • Necessary for our legitimate interests (to develop our products/services, to grow our business, and to inform our marketing strategy).
To undertake business development and marketing activities in relation to making suggestions and recommendations to you about products or services that may be of interest to you. This may include direct electronic marketing.
  • Identifying
  • Contact
  • Technical
  • Usage
Necessary for our legitimate interests in promoting products and services and growing our business.
To investigate and address violations of our Terms of Use and policies, detect, prevent, and combat harmful or unlawful behavior, and meet any of our legal, regulatory, or risk management obligations.
  • Identifying
  • Contact
  • Technical
  • Usage
  • Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise).
  • Necessary to comply with a legal obligation.

Your Rights Depending on the law of your country or region, or where the processing of your personal data occurs, you have a number of legal rights in relation to the personal data that we hold about you from the Websites. When the processing of your personal data is governed by the GDPR, you have rights as an individual that you can exercise in relation to the information held about you under certain circumstance. These rights are to: (a) The right to access your personal data (commonly known as a “data subject access request”). You have the right to receive a copy of your personal data and to verify that we are using your data in compliance with law. (b) The right to ask that we transfer your personal data to you or to a third party. This right is applicable only when the use is based on performance of a contract or the consent of the person involved. You have the right to receive some personal data in a structured, commonly used and machine-readable format and the right to request that we transmit that data to a third party where this is technically feasible. Please note that this right only applies to personal data that you have provided to us. (c) The right to request that we correct (rectify) your personal data if it is inaccurate or incomplete. (d) The right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it. (e) The right to request that we restrict our processing of your personal data in certain circumstances, including, but not limited to, where you contest the accuracy of such personal data. Please note that there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but we are legally entitled to continue processing your personal data or to refuse that request. (f) The right to object to the use of your data, on grounds relating to your specific situation, where the processing of your personal data is premised on our legitimate interests or those of a third party. (g) The right to withdraw your consent to the use of your data if the legal basis of the use is your consent. (h) The right to lodge a complaint with a data protection regulator (the details of which are provided below) if you think that any of your rights have been infringed by us. You can exercise your rights by contacting us using the details set out under the “Contacting Us” section below. You can find out more information about the rights you may have under the GDPR by contacting a data protection authority for your country or region, or where an alleged infringement of applicable data protection law occurs. A list of EEA data protection authorities is available at: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm. Information regarding the UK data protection authority is available at: https://ico.org.uk/. Information regarding the Ombudsman for the Cayman Islands is available at: https://ombudsman.ky/get-in-touch.

AUTOMATED DECISION-MAKING

We do not use automated processing, including profiling, to make decisions that will have either legal or material effects on the individuals from who we collect and process personal information.

CHILDREN’S PRIVACY

Use of the Websites is not intended for children under eighteen (18) years of age. We do not knowingly collect personal information from individuals under the age of 18.

SECURITY

We have implemented measures designed to secure the Websites and your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. Unfortunately, the transmission of information via the internet is not completely secure. We cannot guarantee the security of your personal information transmitted to our Websites, and we urge you to use caution on the internet. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Websites. If you have reason to believe that your interaction with the Websites is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.

RETENTION

We retain personal information only for as long as the information is needed to fulfill the purposes for which it was collected and processed. We will delete, anonymize or de-identify personal information within a reasonable time after the data is no longer necessary for the business purposes for which it was collected. We will, however, retain and use personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

CHANGES TO OUR PRIVACY POLICY

It is our policy to post any changes we make to our Privacy Policy on this page. If we make material changes to how we treat our users’ personal information, we will notify you through a notice on the Websites home pages. The date the Privacy Policy was last revised is identified at the top of the page. You are responsible for periodically visiting our Websites and this Privacy Policy to check for any changes.

CONTACTING US

To ask questions or comment about this Privacy Policy and our privacy practices, contact us at: EJF Capital LLC 2107 Wilson Boulevard Suite 410 Arlington, VA 22201 info@ejfcap.com 703-875-9121